Allow commands to be executed on the remote computer.
To execute commands on your PC from RPG, you must first set up a server to listen for these requests and grant permission to the IBM i to execute those commands. In order for RPG to be able to call a PC application using REXEC, you will need three capabilities:
•· Identifying the IP address of a PC from within an RPG program
•· Calling the PC application from within an RPG program
•· Allowing commands to be executed on the computer
In previous articles, I explained how to identify your PC on the network using the QDCRDEVD API and how to send commands to your PC using the Run Remote Command (RUNRMTCMD) command. In this article, we will install and configure a server to support RUNRMTCMD.
Because RUNRMTCMD uses REXEC to communicate with the remote computer, you could use any REXEC daemon as the server on the remote system to process the commands. IBM has provided a windows REXEC daemon with iSeries Access called Incoming Remote Command.
Using Incoming Remote Command as the REXEC Daemon
The PC must allow external users to access the computer and provide a means to communicate commands to be executed. A server is provided with IBM iSeries Access called Incoming Remote Command, which is an optional component for the iSeries Access installation that is installed as a default. This means that your iSeries Access clients will have Incoming Remote Command unless it was manually removed from the installation list during a custom installation.
Incoming Remote Command Installation
Figure 1: Be sure the Incoming Remote Command shows as an installed component. (Click images to enlarge.)
Incoming Remote Command Configuration
In iSeries Access Properties, select the Incoming Remote Command tab and select Run As System. This will run the commands under the system account, configuring the iSeries Access for Windows Remote Command service.
Figure 2: Select Run As System in the Properties window.
Note: You must execute the following command on Windows XP to get past the firewall (the pathname to CWBRXD.EXE may vary, depending upon your Windows installation):
Netsh firewall add allowed program "C:WINDOWSCWBRXD.EXE" "iSeries Access Incoming Remote Command server"
Windows Services
The server administration is not accessible using iSeries Navigator. You will need to go into the Windows Control Panel under Administrative Tools, right-click on iSeries Access for Windows Remote Command, and select the Properties option.
Figure 3: Administration is handled from the Windows Control Panel.
You must click on the "Allow service to interact with desktop" checkbox on the Log On tab of the iSeries Access for Windows Remote Command Properties window. If you do not do this and you are executing a command that will do something on the desktop, then the command will appear to execute properly from the RPG application, but you will not see anything happen on the target computer.
Figure 4: Be sure "Allow service to interact with desktop" is activated.
You can start the server by clicking on the General tab and clicking the Start button. You can also start the server without the Properties window being open by right-clicking on the iSeries Access Remote Command option in the Services window and selecting Start.
In order for a user to start the iSeries Access for Windows Remote Command server, the user must have administrative authority. To avoid this issue, you can set the server to start automatically so the user will not require administrative authority for the server to operate. You can do this by changing the Startup Type from Manual to Automatic on the General tab.
Allowing Remote Execution Without a Password
In the Start parameters, you could enter "/nosecok" to allow anyone to use the Incoming Remote Server without a user name and password, but this is strongly discouraged because anyone on the network could execute commands on your PC if they have the REXEC client on their computer. The only reason that I could see for using this option would be if you wanted to temporarily open everything up just to get it working and then tighten down security once you have it tested out.
Allowing Remote Execution to Specified Users
I recommend that you add a user to your computer to provide access to this command. In the Log On tab on the iSeries Access for Windows Remote Command Properties window, you can select Local System Account, which will allow local accounts access to Remote Execution.
Creating a Local System Account
In the Control Panel, select User Accounts, go to the Advanced tab, and click on the Advanced button of Advanced User Management.
Figure 5: Create a new user.
Right-click on the Users folder and select New User....
Here, you can create a generic user account on your PC that you can use from within your RPG program to run on the computer.
Figure 6: Create a generic user account.
Checking the Network
Before you begin testing your REXEC client, you may want to ping your client from the iSeries to make sure that your IBM i server can see your REXEC server on the network.
To determine the IP address on the client PC, bring up the command prompt and type ipconfig. This will show you the IP address of the PC. Then you can PING the IP address of the client PC from the command line on the iSeries to see if it is visible.
Configuring Incoming Remote Command Remotely
That seems like a contradictory topic, but you can configure the remote executing server remotely. You may be thinking that you have to go around to each machine to get Incoming Remote Command to work. But this is where you can use the STRPCO and STRPCCMD commands discussed in a previous article to perform the configuration for you.
Creating and Changing Windows Users with the Command Line
If you are using a user name and password on the computer, you will need to make sure that the user exists on the machine:
net user rexecUser pwdrexec /add
And what if you want to update the passwords automatically? There's a Windows command line for that too:
net user rexecUser newPassword
Then you could allow the application to run through the firewall, as mentioned previously:
Netsh firewall add allowedprogram
"C:WINDOWSCWBRXD.EXE" "iSeries Access Incoming Remote Command server"
Incoming Remote Command Command-Line Options
The Incoming Remote Command GUI application allows you to configure the behavior of the application, but you can also pass these settings to the application as startup parameter options.
- /nosecok runs without a required user name or password. This is not recommended because you do not want to open the client up to attacks from anyone on the network.
- /runassystem provides the Command Context Options on the Incoming Remote Command window.
- /usewinlogon uses the Windows user name and password.
- /loadprof will load the profile when /runassystem is not used.
You can find a complete list of the CWBRXD.EXE startup parameter options in the IBM iSeries Access User's Guide. Go to Start > Programs > IBM iSeries Access for Windows > User's Guide.
Starting the Service from the Command Line
You can create, start, and configure Windows services from the command line using the SC Tool (Sc.exe).
Starting Windows Services from the command line:
http://support.microsoft.com/kb/251192
Windows 2000 may not include the Sc.exe command. You can download the Microsoft Windows 2000 Resource Kit at ftp://ftp.microsoft.com/reskit/win2000/. Once you download and extract the sc.zip file, you can put the Sc.exe file into the WinNTSystem32 folder.
Starting the Incoming Remote Command server in Windows Services:
sc start Cwbrxd /runassystem
CL Code
Here is a CL code sample that uses STRPCO and STRPCCMD to implement the Windows command-line statements to add a Local Windows user and start the iSeries Access Incoming Remote Command server in Windows Services.
/********************************************************************/
/* THIS CL WILL SET UP THE INCOMING REMOTE COMMAND SERVER */
/********************************************************************/
PGM
MONMSG MSGID(CPF0000)
STRPCO
STRPCCMD PCCMD('net user rexecUser pwdrexec /add') +
PAUSE(*NO)
STRPCCMD PCCMD('Netsh firewall add allowedprogram +
"C:WindowsCWBRXD.EXE" "iSeries Access +
Incoming Remote Command server"') PAUSE(*NO)
STRPCCMD PCCMD('sc start Cwbrxd /runassystem +
/loadprof') PAUSE(*NO)
END: ENDPGM
Using rexecd as the REXEC Daemon
If iSeries Access is not your emulator of choice or if you are using an operating system that does not have the Incoming Remote Command option, you can use rexecd as a solution that is not dependent on software requirements or operating systems for your REXEC daemon. There are many different REXEC daemon options available on the Internet.
A Brief Note About Security
When using the REXEC services across the network, you should be aware that the password is sent across the network in clear text (unencrypted), so make sure that your network connection is secure.
LATEST COMMENTS
MC Press Online